Welcome! Log In Create A New Profile

Advanced

Re: "nginx does not suck at ssl"

Previous Message Next Message
Forum List Message List New Topic Print View
Grant
March 11, 2013 03:46PM
>> After reading "nginx does not suck at ssl":
>>
>> http://matt.io/entry/ur
>>
>> I'm using:
>>
>> ssl_ciphers
>> ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;
>
> Some of us use the following to mitigate BEAST attacks:
> ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH;

Thanks Mark, this is supposed to mitigate BEAST as well and it's only
slightly different than the default:

ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

Here is mex's link again:
https://www.ssllabs.com/ssltest/

I use the following for better performance:

ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;

Reference:
http://www.hybridforge.com/blog/nginx-ssl-ciphers-and-pci-compliance

- Grant

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

"nginx does not suck at ssl"

Grant March 10, 2013 12:56AM

Re: "nginx does not suck at ssl"

mex March 10, 2013 06:02AM

Re: "nginx does not suck at ssl"

Grant March 10, 2013 05:42PM

Re: "nginx does not suck at ssl"

Mark Alan March 11, 2013 04:42AM

Re: "nginx does not suck at ssl"

Grant March 11, 2013 03:46PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 306
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready